Millions of clients have been affected by this incident
Network security and ethical hacking specialists
from the International Institute of Cyber Security reported a new data leaking
incident in a financial institution. According to reports, State Bank of India, the largest bank in the country, has leaked
financial data of millions of its costumers due to an unprotected server.
Sensitive data was accessible for anyone due to
this incident; the banking institution claims that the problem is currently solved.
According to network
security experts, the unprotected server was found by an anonymous
security researcher at one of the bank’s data centers.
The server stores a database
that allows bank’s customers to check their recent activities, balances and
payment card details. Nonetheless, the bank omitted to implement a password for
the server, thus anyone were able to access the exposed data, belonging to
millions of State Bank of India customers.
Network security experts were able to confirm
that the bank sent over 3 million messages through this server just in one day.
TechCrunch was able to confirm the bank sent
out over three million text messages, through the server holding information,
on one day alone.
“The data stored on this server could be used
for targeting future spear phishing attack victims, as it contains several
personal and financial details”, explained Karan Saini, network security
expert.
Even though the inconvenient has been fixed by
the State Bank of India team, it’s still unclear for how long the database was
exposed. The bank ignores the exact number of affected consumers too.
On the other hand, Ilia Kolochenko,
cybersecurity expert, explained: “India is becoming a growing market for cybercriminals.
As organizations keep asking customers for their personal data, malicious
hackers try to exploit security flaws to access such information. Due to its
large demography, India could be considered as one of the biggest data banks to
be abused”.
The
expert added: “About this incident, it is possible that any large financial
organization may face similar issues. Modern IT infrastructures are so
complicated that virtually no one has the pertinent information security and
monitoring process”.
